Cmc
CVE-2022-0551
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (nozominetworks) · only source for this CVE.
CVSS VectorVendor: nozominetworks
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.
AnalysisAI
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. Affected products include: Nozominetworks Cmc, Nozominetworks Guardian. Version information: prior to 22.0.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript cod
Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC)
Privilege escalation in Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users
Path traversal in Nozomi Networks CMC and Guardian allows authenticated users with limited privileges to write arbitrary
Stored Cross-Site Scripting (XSS) in Nozomi Networks Guardian and CMC allows authenticated attackers with custom field p
Same weakness CWE-20 – Improper Input Validation
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today